Financial processes targeted by ‘invisible’ cyber attacks

A report by Kaspersky Lab has uncovered a series of “invisible” targeted attacks that don't use malware, only legitimate software already on the targeted system.

So-called invisible attacks use 'penetration-testing' software, such as Meterpreter, as well as the PowerShell framework for task automation in Windows, according to Kaspersky Lab. The attacks can go undetected, and traces of the hackers are wiped when the system is rebooted.

The study found that banks, telecommunication companies and government organisations in the US, South America, Europe and Africa were among the top targets.

Ultimate goal is to control financial processes

Kaspersky Lab showed that the 'invisible attack' code is able to hide in the system's memory and can collect system administration passwords, enabling attackers to gain remote access to systems, with the goal of being able to control the company's financial processes.

These attacks are happening on a massive scale, according to the cybersecurity company, affecting more than 140 enterprise networks in a range of business sectors in 40 countries, with most victims located in the US, France, Ecuador, Kenya, the UK and Russia – see graph below:

Source: Kaspersky Lab

Using legitimate software that hides within the system's memory makes the security breach very difficult to detect. “The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware,” said Kaspersky Lab's Sergey Golovanov.